Decrypting Breach Realities: Beyond Isolation to Collective Progress


Discovering that a system has been breached makes the heart skip a beat, and the first question that follows is usually the same: what steps should be taken next?

According to a recent study, over the last two years, more than half of all organizations have experienced a breach from a third party. Regrettably, the predominant response to such incidents is to isolate the affected party. Surprisingly, as many as 83% of consumers confess to halting or discontinuing their transactions with an organization post-incident. 

While it is understandable for people to react to a security incident by distancing themselves from the affected organization, this response overlooks a valuable chance for the entire industry: the shared learning and progress that become possible when the specific details of an incident are made public. Rather than merely reacting negatively, the industry can unite, understand the incident, and use that understanding to improve overall security practices and resilience.

What Do We Mean by a Breach?

The terms 'cyberattack,' 'data breach,' and 'breach' are sometimes used interchangeably. However, it's important to note that not every cyberattack results in a data breach, and conversely, not all data breaches are a result of cyberattacks. 

A data breach happens when unauthorized individuals infiltrate secure systems, pilfering credential data that encompasses personal details like Social Security numbers, bank account information, and healthcare records. Additionally, corporate data, such as customer records, intellectual property, and financial information, may also be compromised. 

What is More Concerning? 

Despite having a security program deemed commercially reasonable, breaches persist. No entity is impervious. When assessing potential partners and vendors, a crucial factor to consider is their ability to respond effectively and their willingness to be transparent in the event of a security incident. Employees are gaining more understanding when it comes to security incidents. 

There's a shift from immediately blaming individuals for falling victim to phishing attacks. Security experts recognize that phishing is a numbers game, and as attack tactics become more sophisticated, acknowledging the role of human trust and error in our risk landscape is crucial. While businesses often implement successful security policies internally, the same level of scrutiny is not consistently applied to partners and vendors. 

Recognizing that breaches can happen despite precautions, it is crucial for businesses to include an evaluation of security measures in their vetting process. Hasty decisions to sever ties with a reliable partner after an attack can introduce additional risks, including operational challenges. Although distinguishing between an unexpected breach and a pattern of risky behaviour is vital, the availability of compliance frameworks and security assessments facilitates a more informed evaluation of a potential partner's breach readiness. 

Ready and Transparent Future 

Being more understanding about breaches does not mean organizations should skip their checks. Instead, businesses should always confirm if their partners follow the rules. Security questionnaires and reports remain crucial for ensuring organizations handle data carefully.